A phishing attack involves an attempt to acquire sensitive information such as usernames, passwords, credit card details, etc., often for malicious reasons, possibly by masquerading as a trustworthy entity. For example, an email may be sent to a target, the email having an attachment that performs malicious actions when executed or a link to a webpage that either performs malicious actions when accessed or prompts the user to execute a malicious program. Malicious actions may be malicious data collection or actions harmful to the normal functioning of a device on which the email was activated, or any other malicious actions capable of being performed by a program or a set of programs.
It can be useful to perform simulated phishing attacks on a user or a set of users. Simulated phishing attacks allow an organization to determine the level of vulnerability to phishing attacks of a user or set of users. This knowledge can be used by internet technology organizations to reduce this level of vulnerability through tools or training.
In a simulated phishing attack, a security awareness system uses campaigns to send simulated phishing emails to users that are associated with a company account (an account), and the security awareness system receives events associated with users interacting with simulated phishing emails of the campaigns, and receives IP addresses associated with the events. It has become increasingly popular for security appliances or services and software to follow links within an email automatically, prior to the email being presented to a user. For example, some firewalls can now extract HTTP/HTTPS links contained in SMTP and POP3 email messages and forward the links to a security appliance for analysis. The security appliance visits the link to determine if the corresponding web address host any exploits. This automated following of links is also called “robo-clicks”. Any non-human security appliance or services or software that follow links automatically is also known as an internet bot, or a web robot, or a www robot, or simply a bot. More generally, a bot is a software application that runs automated tasks (scripts) over the internet. Typically, bots perform tasks that are simple and repetitive. For example, a web crawler bot uses automated scripts to fetch, analyze and file information from web servers at many times the speed of a human. Some bots are good, for example bots that help search engines work properly, while other bots can be used to launch malicious attacks.
The action of these bot originated robo-clicks results in incorrect statistics in security awareness system consoles that track user responses to real and simulated phishing emails, because it appears the user has clicked on a link in an email when in fact the email has never been presented to the user. Incorrect information for company accounts (accounts) can be proactively avoided by the security awareness system automatically identifying suspect IP addresses for dispositioning by the security awareness system administrator, such that user events associated with robo-clicks can be removed from user statistics prior to companies identifying that the statistics are incorrect.